Thursday, May 04, 2017

A Massive Google Docs Phish Might Have Stolen A Load Of Gmail Accounts

A lot of people are getting some suspicious looking emails
in their Gmail today.

The malicious messages are coming from trusted contacts,
asking them to open a Google Doc. As
soon as the recipient clicks through, they are asked to give away permissions
to an app imitating Google Docs, namely the ability to read, send, delete and
manage email, as well as manage contacts. For the user, once they've clicked through,
nothing happens. But the attacker is
effectively given access to people's Gmail.

…It's remarkably
sophisticated and spreading like wildfire. Given how many complaints Google is receiving
on Twitter, it's likely a lot of people were affected. For now, it looks like Google has shut the
attack down by revoking the app and killing the phishing pages the attacker set
up.

…There is, sadly,
one big problem for victims who clicked through: the attacker could have
automated their scam (likely, given how they carried out the illicit operation)
and hoovered up all their Gmail already. In this case, there's not much to be done
other than hope nothing sensitive was stolen.

Some of the money from the Bangladesh SWIFT hack was sent
to casinos in the Philippines. I wonder
how they defend against hackers?

In a VIP room reserved for high-spending gamblers at City of Dreams Manila casino in the
Philippine capital, many of the players are nowhere to be seen. They’re not even in the country.

Instead, they’re placing bets by telephone, a practice
banned in other gaming centers such as Singapore, Australia and Macau, but legal in the Philippines.
Young men and women sitting at tables at
the casino, many from China and dressed in smart black uniforms, chat in
Chinese over mobile-phone headsets, placing wagers on behalf of their long-distance
clients. Video cameras on the ceiling
broadcast the action on the tables for gamblers who are watching, mostly from
China.

Philippine casinos reported as much as 110 percent
increases in VIP revenue from high-rollers -- from
$27 billion in bets placed last year, and possibly far more if off-books
betting were tallied. Phone betting,
also known as betting by proxy, has grown to account for as much as 85 percent
of the business at some VIP rooms used by big spenders, according to people
familiar with the operations who asked not to be identified as they’re not
authorized to speak publicly.

…The casinos’
operations are raising the risks of money laundering, according to a
U.S. government report in March. And
Philippines gambling operations are causing concern in China, where authorities
have sought to halt billions of dollars worth of
outflows that have pushed down the value of the currency and drained capital
reserves.

eDiscovery is a concept born from litigation. It describes
the need to find and retain electronic data that might be required in
litigation ― whether for the plaintiff, the defendant or a third party. In recent years, eDiscovery has become
considerably more complex. Business is
increasingly litigious; legal obligations such as freedom of information (FoIA)
laws and Europe’s General Data Protection Regulation (GDPR) are generating new
demands; and the sheer volume and diversity of corporate electronically stored
information (ESI) is expanding dramatically.

…There is effectively
no source of ESI that is exempt, whether that is in the cloud, on social media,
or stored on employees’ personal devices.

“In short,” notes Osterman, “any electronic information
that contains a business record, regardless of the tool that was used to create
it or the venue in which it is stored, will potentially be subject to
eDiscovery.”

If all of the data is from public sources, would it be
ethical to ignore it?

Companies hire a third party to scour public databases to make sure
employees are not getting into legal trouble that would impact their jobs. But is it ethical?

An employee gets stopped over the weekend for a DUI. Unbeknownst to him, once his name hits the
police’s public database, his employer will know about it soon after – whether
the conviction has any impact on the employee’s job performance or not.

That is just one scenario in which enterprises are
checking up on their employees to make sure their private lives don’t impact
the companies’ bottom lines. It is not
uncommon for companies to do background checks on prospective employees, but
some businesses are carrying that through while employees still punch the
clock.

Security company Endera explained that employers want to
know if an employee is on a criminal watchlist, is booked or arrested, loses a
key certificate, is in financial distress or is involved in a lawsuit.

…In Endera’s
December survey of 278 business executives, fewer than 25 percent of companies
proactively review current employees at risk.

A think tank is suing
the NYPD over its failure to reveal details about its secret facial recognition
program. Georgetown University’s Center
on Privacy and Technology (CPT) alleges that the department hasn’t complied
with New York state’s Freedom of Information Law (FOIL) by forking over
information on the system, which the department started using to investigate
crimes in 2011. When groups submitted FOIL requests for training manuals and
documentation, the NYPD insisted they didn’t have any, so CPT is
taking the department to court.

Google has revealed that it’s combining new deep learning
smarts with Street View to make it easier to automate the process of mapping
new addresses for Google Maps.

…Google has
turned to deep neural networks to automate the process of “reading” the content
of images, and it says that its latest algorithm achieves an “84.2 percent
accuracy on the challenging French Street Name Signs (FSNS) dataset,” according
to a blog post, “significantly outperforming the previous state-of-the-art systems.” Google has made the model publicly
available through Tensorflow, the open-source machine learning software
library developed by Google, on GitHub.

India has been good to Facebook, is this the best way to
return the favor?

…The company says
its local entrepreneur partners will sell data vouchers priced at Rs 10 to Rs
20 (15 to 30 cents) for a day-long access (Rs 200 to Rs 300 for a month). The vouchers will be available to purchase through
online and offline stores.

…India is the fastest
growing market for Facebook. As of
last month, Facebook's marquee platform had 184 million monthly active users in
the country, 50 percent of which return to the site every day. The company's instant messaging and voice
calling app WhatsApp also has over 200 million monthly active users in India.

Much of this growth is being attributed to President Trump’s
tirades. I guess subscribers are trying
to avoid ‘fake news.’

…Did you know that there’s
a built-in Windows app to teach you about these new features?

It’s called Tips and you can find it by
searching it from the Start Menu. The
app collects useful Windows features and tutorials, and even works offline.

Scroll through the Topics tab to see if there’s a guide
on something you want to change, or check out What’s New for big new
Windows features. The app also includes
videos for some topics, helping visual learners.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.